Source: Christine Romero-Chan / iMore
What you need to know
- A security researcher has warned of some major issues in iOS 15.
- They say that three zero-day vulnerabilities discovered in Apple's iPhone software still haven't been fixed.
A security researcher has warned that Apple has not fixed three zero-day vulnerabilities discovered in iOS 15.
Illusionofchaos took to the web stating:
I want to share my frustrating experience participating in Apple Security Bounty program. I've reported four 0-day vulnerabilities this year between March 10 and May 4, as of now three of them are still present in the latest iOS version (15.0) and one was fixed in 14.7, but Apple decided to cover it up and not list it on the security content page. When I confronted them, they apologized, assured me it happened due to a processing issue and promised to list it on the security content page of the next update. There were three releases since then and they broke their promise each time.
The researcher says that they contacted Apple to get an update and threatened to make their findings public if they didn't get an explanation. Whilst one issue found has been patched in iOS 14.7, three more issues are apparently still present in the latest software Apple released earlier this week in advance of the iPhone 13 launch today.
One issue reportedly lets any app installed from the App Store access a user's Apple ID email and full name, Apple ID authentication token, a database containing contact information and interaction records, and the Speed Dial and Address Book database including things like contact pictures. Another vulnerability "allows any user-installed app to determine whether any app is installed on the device given its bundle ID." The final zero-day bug "makes it possible for any qualifying app (e.g. posessing location access authorization) to gain access to Wifi information without the required entitlement."
Illusionofchaos says they sent detailed reports to Apple in April of this year and was quickly informed Apple was investigating the issues. As noted, whilst one other problem has been fixed the aforementioned vulnerabilities all still persist, and Illusionofchaos says they haven't received any reply from Apple as of Friday, September 24.
iOS gaming recap: PlayStation makes big moves into iOS, Streets of Rage 4
Besides some new games, a huge game maker discussed its plans to move into the mobile space, although it's unclear when. Here's what else you missed this week.
GRAMMY-winning music producer lauds his Mac Studio but still wants Mac Pro
GRAMMY-winning music producer Mike Dean, who has worked with the likes of Kanye, Selena Gomez, and Madonna has taken to Instagram to wax lyrical about his M1 Ultra Mac Studio while still lamenting the fact that he can't buy an Apple silicon Mac Pro.
Review: You really ought to check out Catalyst Black for iOS
Catalyst Black is an online multiplayer game that has teams compete against each other to score points and take down opponents. It has both sci-fi and fantasy elements since players can turn into large beasts to do additional damage.
Yes, your iPhone 13 Pro can look super cute with the right case
The iPhone 13 Pro's colorways might be neutral, but it can still be an amazing and outfit-enhancing accessory with one of these cases.